CVE-2019-0307

LOW

SAP Solution Manager - Missing Encryption

Title source: rule

Description

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.

References (2)

[Permissions Required, Vendor Advisory] https://launchpad.support.sap.com/#/notes/2772266

[Vendor Advisory] https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Scores

CVSS v3 2.4

EPSS 0.0614

EPSS Percentile 90.8%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-311

Status published

Products (1)

sap/solution_manager 7.2

Published Jun 12, 2019

Tracked Since Feb 18, 2026